Quotulatiousness

November 14, 2013

How the internet was “weaponized”

Filed under: Government, Technology, USA — Nicholas @ 07:45

In Wired, Nicholas Weaver looks back on the way the internet was converted from a passive network infrastructure to a spy agency wonderland:

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, “It wasn’t us. And even if it was, you started it.”

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

[…]

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it’s one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

September 15, 2013

Bruce Schneier on what you can do to stay out of the NSA’s view

Filed under: Liberty, Technology — Nicholas @ 10:44

Other than going completely off the grid, you don’t have the ability to stay completely hidden, but there are some things you can do to decrease your visibility to the NSA:

With all this in mind, I have five pieces of advice:

  1. Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.
  2. Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections — and it may have explicit exploits against these protocols — you’re much better protected than if you communicate in the clear.
  3. Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the Internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my Internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.
  4. Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
  5. Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden’s documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I’m not going to write about. There’s an undocumented encryption feature in my Password Safe program from the command line; I’ve been using that as well.

I understand that most of this is impossible for the typical Internet user. Even I don’t use all these tools for most everything I am working on. And I’m still primarily on Windows, unfortunately. Linux would be safer.

The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.

September 6, 2013

Bruce Schneier on taking back the internet

Filed under: Liberty, Technology, USA — Nicholas @ 08:51

From his article in yesterday’s Guardian:

This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can — and should — do.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by federal confidentiality requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers.

We need to know exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I’ve just started collecting. I want 50. There’s safety in numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems — these will be harder for the NSA to subvert.

The Internet Engineering Task Force, the group that defines the standards that make the internet run, has a meeting planned for early November in Vancouver. This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response.

Update: Glenn Greenwald retweeted this, saying it was “not really hard for a rational person to understand why this is newsworthy”.

August 9, 2013

Locking the (electronic) barn door

Filed under: Law, Media, Technology — Nicholas @ 08:03

The encrypted email service that was reportedly used by Edward Snowden just announced that it will be shutting down:

Today, Lavabit announced that it would shut down its encrypted email service rather than “become complicit in crimes against the American people.” Lavabit did not say what it had been asked to do, only that it was legally prohibited from sharing the events leading to its decision.

Lavabit was an email provider, apparently used by Edward Snowden along with other privacy sensitive users, with an avowed mission to offer an “e-mail service that never sacrifices privacy for profits” and promised to “only release private information if legally compelled by the courts in accordance with the United States Constitution.” It backed up this claim by encrypting all emails on Lavabit servers such that Lavabit did not have the ability to access a user’s email (Lavabit’s white paper), at least without that user’s passphrase, which the email provider did not store.

Given the impressive powers of the government to obtain emails and records from service providers, both with and without legal authority, it is encouraging to see service providers take steps to limit their ability to access user data, as Lavabit had done.

[…]

Lavabit’s post indicates that there was a gag order, and that there is an ongoing appeal before the Fourth Circuit. We call on the government and the courts to unseal enough of the docket to allow, at a minimum, the public to know the legal authority asserted, both for the gag and the substance, and give Lavabit the breathing room to participate in the vibrant and critical public debates on the extent of email privacy in an age of warrantless bulk surveillance by the NSA.

July 20, 2013

UK government inches closer to giving posthumous pardon to Alan Turing

Filed under: Britain, History, Law, WW2 — Nicholas @ 09:50

In the Guardian, Nicholas Watt updates the news on a private member’s bill that would give Alan Turing a pardon:

Alan Turing, the Enigma codebreaker who took his own life after being convicted of gross indecency under anti-homosexuality legislation, is to be given a posthumous pardon.

The government signalled on Friday that it is prepared to support a backbench bill that would pardon Turing, who died from cyanide poisoning at the age of 41 in 1954 after he was subjected to “chemical castration”.

Lord Ahmad of Wimbledon, a government whip, told peers that the government would table the third reading of the Alan Turing (statutory pardon) bill at the end of October if no amendments are made. “If nobody tables an amendment to this bill, its supporters can be assured that it will have speedy passage to the House of Commons,” Ahmad said.

The announcement marks a change of heart by the government, which declined last year to grant pardons to the 49,000 gay men, now dead, who were convicted under the 1885 Criminal Law Amendment Act. They include Oscar Wilde.

Update: On the other hand, Matt Ridley thinks that there’s a major problem with this approach.

That Turing deserved an apology in his lifetime for this appalling treatment is not in doubt. What will be debated tomorrow is whether a posthumous pardon from today’s Government is right, or may be a further insult to his memory. After all, the word pardon implies that his crime is still a crime, which it is not, and it will do nothing for the victim (especially since he was an atheist), and do nothing to untarnish his reputation, which history has already fully untarnished. Also it could be unfair to other, less famous convicted gay men and may even seem to rewrite history rather than leaving it starkly to reproach us. By rights, Turing should be pardoning the Government, but that’s not possible.

So it is not easy to judge if a pardon is the right thing. For my part, I think a greater matter is at issue — whether we have done enough to recognise Turing’s scientific reputation and how we put that right. It becomes clearer by the day that, irrespective of his tragic end and even of his secret war service, he ranks for the momentous nature of his achievements with the likes of Francis Crick and Albert Einstein in the 20th-century scientific pantheon. This was not just a moderately good scientist made famous by persecution; this was the author of a really big idea.

[…]

When the war broke out, Turing’s genius proved as practical as it had been ethereal in the 1930s. His crucial contributions to three successive computing innovations at Bletchley Park — the “bombe” machines for replicating the settings of the German Enigma encryption machine, the later cracking of the naval Enigma machine enabling U-boat traffic to be read, and finally the Colossus computer that broke the Germans’ “tunny” cipher machine — provided Churchill with the famous “ultra” decrypts that almost certainly shortened the war and saved millions of lives in battlefields, ships and camps.

For this he was appointed OBE, but secrecy shrouded his work until long after his death, so he wasn’t known to be a hero, let alone the man who saved so many lives. He moved to what would become GCHQ, but in the paranoid days after Burgess and Maclean fled east, his homosexuality conviction categorised him as a security risk.

July 5, 2013

The secret army of monitors who fed Enigma signals to Bletchley Park

Filed under: Britain, Germany, History, Italy, Military, WW2 — Nicholas @ 08:20

The BBC remembers the volunteer radio tinkerers who helped win the intelligence war in Europe:

One day, towards the start of World War II, a captain wearing the Royal Signals uniform knocked on a British teenager’s door.

The 16-year-old was called Bob King. When he went to greet the visitor, he had no idea that soon he would become one of Britain’s so-called “voluntary interceptors” — some 1,500 radio amateurs recruited to intercept secret codes broadcast by the Nazis and their allies during the war.

“The captain asked me if I would be willing to help out with some secret work for the government,” remembers Mr King, now 89. “He wouldn’t tell me any more than that.

“He knew that I could read Morse code – that was the essential thing.”

[. . .]

By mid-1941, the new base, Arkley View, was receiving about 10,000 message sheets a day from its recruits.

“I worked for five years scrutinising the logs that came in from the other amateurs — thousands of log sheets with the signals which we knew were wanted, and you could only know it from experience,” remembers Mr King.

“We knew it wasn’t Allied army air force, we knew it was German or Italian — various things gave that away, but it was disguised in such a form that it looked a bit like a radio amateur transmission.

“We knew it was highly important, everything was marked ‘top secret,’ but only many years later we discovered that it was German secret service we were listening to.

“Of course you didn’t ask questions in those days, otherwise you’d be in real trouble.”

Encoded messages were transmitted to Bletchley Park in Buckinghamshire, the UK’s former top-secret code-cracking centre.

Once decoded, the data was sent to the Allied Commanders and the UK Prime Minister, Winston Churchill.

June 29, 2013

Jeff Jarvis calls for private encryption

Filed under: Liberty, Media, Technology — Nicholas @ 10:27

In the Guardian, Jeff Jarvis makes the case for internet communications to be protected by encryption:

Assuring the security of private communications regardless of platform — email, VOIP, direct message — should be a top priority of the internet industry in the aftermath of Edward Snowden’s revelations that US and UK governments are tapping into the net’s traffic.

The industry needs to at least come together to offer encryption for private communications as protection against government surveillance.

Guarantee of private communications should be a matter of law already. But, of course, it is not. In the US, only our first-class physical mail is protected from government surveillance without a warrant. In the UK, it was a case of opened mail that led to the closing of the Secret Department of the Post Office. As a matter of principle, the protection afforded our physical mail should extend to any private communication using any means. Just because the authors of the Fourth Amendment could not anticipate the internet and email, let alone Facebook, that should not grant government spies a loophole from the founders’ intent.

That protection could come from Congress, but it won’t. It could come from the courts, but it hasn’t.

I argued in my book Public Parts that government may try to portray itself as the protector of our privacy, but it is instead the most dangerous enemy of privacy, for it can gather our information without our knowledge and consent — that is the lesson of Snowden’s leaks — and has the power to use it against us.

1948 and the “Black Friday” of cryptanalysis

Filed under: Books, History, Technology, USA — Nicholas @ 09:05

In Salon, Andrew Leonard looks at the early years of the NSA:

On Oct. 29, 1948, the Soviet Union suddenly changed all its ciphers and codes. What later became known as “Black Friday” delivered a huge shock to the two U.S. intelligence agencies that had conducted the bulk of American code-breaking efforts during World War II and its immediate aftermath. Before Black Friday, the Army’s SIS and the Navy’s OP-20-G complacently assumed that they had acquired the keys to most of the world’s encrypted communications. But with a flip of the switch the U.S. was once again in the dark — just as the Cold War was heating up.

“One of the gravest crises in the history of American cryptanalysis,” writes historian Colin Burke, led directly to the 1949 merging of the SIS and OP-20-G into the Armed Forces Security Agency. Three years later, another bureaucratic shuffle transformed the AFSA into the National Security Agency. A sense of panic induced by the “Soviets’ A-Bomb, the Berlin Blockade, the forming of the satellite bloc in Eastern Europe, the fall of China, and the Korean War” — all of which “were not predicted” by the intelligence agencies — encouraged the U.S. government to authorize the NSA to spend tens of millions of dollars on computer research, in the hope that technological advances would help crack the new Soviet codes.

Colin Burke is the author of It Wasn’t All Magic: The Early Struggle to Automate Cryptanalysis, 1930s-1960s. Burke completed his history in 1994, but until last week, his volume of crypto-geekery had only a handful of readers. Part of a series produced by the NSA’s Center for Cryptological History, It Wasn’t All Magic was considered classified material until May 2013, and was only made available online on June 24.

Nice timing! With the NSA currently occupying its highest public profile in living memory, a look back at its early history is quite instructive. It is useful to be reminded that the mandate to spy and surveil and break codes was absolutely critical to the early growth and evolution of computer technology. Some things never change: The immense effort required to crack German and Japanese codes during World War II is an early example of the intimidating challenges posed by what we now call “big data.”

It’s actually quite surprising that it took the Soviets until 1948 to change their codes: from 1942 or so, Britain and the US were sharing their Enigma decryptions of top-secret German messages with the Soviet Union. Even if the information was provided without the original text, the Soviets were fully aware that this was the fruit of decryption, not human spy reports. At the end of World War 2, that Anglo-American expertise would obviously have been redeployed to other ends … and reading Soviet message traffic clearly would be one of the more interesting sources of data.

April 18, 2013

Reason.tv: Why Bitcoin is Here to Stay

Filed under: Economics, Technology — Nicholas @ 10:29

Don’t bet on the decentralized currency Bitcoin as a retirement investment, says Mercatus Center policy analyst Jerry Brito, but go long on it as the payment system of the future. Reason’s Nick Gillespie talks with Brito, the editor of the new anthology Copyright Unbalanced, about Bitcoin bubbles and why governments are so afraid of this virtual payment system.

April 12, 2013

The Economist explains how Bitcoins work

Filed under: Economics, Technology — Nicholas @ 09:28

A brief overview of the much-talked-about digital currency:

BITCOIN, the world’s “first decentralised digital currency”, was launched in 2009 by a mysterious person (or persons) known only by the pseudonym Satoshi Nakamoto. It has been in the news this week as the value of an individual Bitcoin, which was just $20 at the beginning of February, hit record highs above $250, before falling abruptly to below $150 on April 11th. What exactly is Bitcoin, and how does it work?

Unlike traditional currencies, which are issued by central banks, Bitcoin has no central monetary authority. Instead it is underpinned by a peer-to-peer computer network made up of its users’ machines, akin to the networks that underpin BitTorrent, a file-sharing system, and Skype, an audio, video and chat service. Bitcoins are mathematically generated as the computers in this network execute difficult number-crunching tasks, a procedure known as Bitcoin “mining”. The mathematics of the Bitcoin system were set up so that it becomes progressively more difficult to “mine” Bitcoins over time, and the total number that can ever be mined is limited to around 21m. There is therefore no way for a central bank to issue a flood of new Bitcoins and devalue those already in circulation.

And a bit more technical detail:

All transactions are secured using public-key encryption, a technique which underpins many online dealings. It works by generating two mathematically related keys in such a way that the encrypting key cannot be used to decrypt a message and vice versa. One of these, the private key, is retained by a single individual. The other key is made public. In the case of Bitcoin transactions, the intended recipient’s public key is used to encode payments, which can then only be retrieved with the help of the associated private key. The payer, meanwhile, uses his own private key to approve any transfers to a recipient’s account.

This provides a degree of security against theft. But it does not prevent an owner of Bitcoins from spending his Bitcoins twice—the virtual analogue of counterfeiting. In a centralised system, this is done by clearing all transactions through a single database. A transaction in which the same user tries to spend the same money a second time (without having first got it back through another transaction) can then be rejected as invalid.

The whole premise of Bitcoin is to do away with a centralised system. But tracking transactions in a sprawling, dispersed network is tricky. Indeed, many software developers long thought it was impossible. It is the problem that plagued earlier attempts to establish virtual currencies; the only way to prevent double spending was to create a central authority. And if that is needed, people might as well stick with the government devil they know.

To get around this problem, Bitcoins do not resemble banknotes with unique serial numbers. There are no virtual banknote files with an immutable digital identity flitting around the system. Instead, there is a list of all transactions approved to date. These transactions come in two varieties. In some, currency is created; in others, nominal amounts of currency are transferred between parties.
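An added illustration (not from The Economist or from the Bitcoin software) of the transaction-list idea in the excerpt above: a ledger that accepts "create" and "transfer" entries and rejects a transfer whose source has already been spent. Owners are plain strings, signature checks and agreement between network nodes are left out, inputs must equal outputs exactly, and every name here is made up for the example.

```python
import hashlib
import json
from dataclasses import dataclass


class InvalidTransaction(Exception):
    """Raised when a transaction cannot be appended to the ledger."""


@dataclass(frozen=True)
class Output:
    owner: str    # constructed label; the real system locks an output to a key
    amount: int


@dataclass(frozen=True)
class Transaction:
    kind: str             # "create" (new currency) or "transfer"
    inputs: tuple = ()    # (txid, output_index) pairs being spent
    outputs: tuple = ()   # Output objects produced by this transaction
    spender: str = ""     # who authorises a transfer (signature check omitted)

    @property
    def txid(self) -> str:
        # Identify the transaction by a hash of its contents.
        body = json.dumps([self.kind, list(self.inputs),
                           [(o.owner, o.amount) for o in self.outputs],
                           self.spender])
        return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    def __init__(self):
        self.transactions = []   # every approved transaction, in order
        self.unspent = {}        # (txid, index) -> Output not yet consumed

    def append(self, tx: Transaction) -> str:
        if not tx.outputs or any(o.amount <= 0 for o in tx.outputs):
            raise InvalidTransaction("outputs must exist and be positive")
        if any(t.txid == tx.txid for t in self.transactions):
            raise InvalidTransaction("duplicate transaction")
        if tx.kind == "create":
            if tx.inputs:
                raise InvalidTransaction("creation takes no inputs")
        elif tx.kind == "transfer":
            if len(set(tx.inputs)) != len(tx.inputs):
                raise InvalidTransaction("same output listed twice")
            total_in = 0
            for ref in tx.inputs:
                out = self.unspent.get(ref)
                if out is None:
                    # Either it never existed or an earlier transfer used it:
                    # this is the double-spend rejection.
                    raise InvalidTransaction("input unknown or already spent")
                if out.owner != tx.spender:
                    raise InvalidTransaction("spender does not own input")
                total_in += out.amount
            if total_in != sum(o.amount for o in tx.outputs):
                raise InvalidTransaction("inputs and outputs do not balance")
            for ref in tx.inputs:
                del self.unspent[ref]   # consumed: cannot be referenced again
        else:
            raise InvalidTransaction("unknown transaction kind")
        for index, out in enumerate(tx.outputs):
            self.unspent[(tx.txid, index)] = out
        self.transactions.append(tx)
        return tx.txid

    def balance(self, owner: str) -> int:
        return sum(o.amount for o in self.unspent.values() if o.owner == owner)


def demo():
    """Constructed scenario: Alice pays Bob, then tries to reuse the same coins."""
    ledger = Ledger()
    mint = ledger.append(Transaction("create", outputs=(Output("alice", 50),)))
    ledger.append(Transaction("transfer", inputs=((mint, 0),),
                              outputs=(Output("bob", 30), Output("alice", 20)),
                              spender="alice"))
    second_spend = Transaction("transfer", inputs=((mint, 0),),
                               outputs=(Output("carol", 50),), spender="alice")
    try:
        ledger.append(second_spend)
        rejected = False
    except InvalidTransaction:
        rejected = True
    return ledger, rejected


if __name__ == "__main__":
    ledger, rejected = demo()
    print("second spend rejected:", rejected)
    for name in ("alice", "bob", "carol"):
        print(name, ledger.balance(name))
```

The ledger never stores a "coin" object; a balance is only the sum of outputs that no later transaction has consumed, which is why the second spend has nothing left to point at.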

April 10, 2013

If there’s a “Bitcoin bubble”, it doesn’t predict long term success or failure for the currency

Filed under: Economics, History, Technology — Nicholas @ 12:55

In Forbes, Tim Worstall explains that calling the current rise in Bitcoin value a bubble does not actually pass a judgement on whether Bitcoin will be a long term success:

And yes, I’m still of the opinion that Bitcoin is in a bubble. You know the walks like a duck, quacks like a duck idea? If it does those then it’s a duck. And the price changes that we’re seeing in Bitcoin make me and many other observers think that Bitcoin really is in a bubble. Indeed, there’s some nice work here showing that many of the Bitcoins in existence are being hoarded and that in itself is bubble behaviour.

However, do let me make one more thing clear: whether or not Bitcoin is in a bubble or not doesn’t mean that Bitcoin will succeed or not. They are entirely different questions, as different as is your wife Welsh or is your dog female? They really have no connection with each other at all.

Let us take the standard bubble example always used, the Dutch tulipmania. We could use others, the South Sea Bubble, the dot com boom, or we could even use an entirely different set of examples, say the introduction of the automobile. That last being when a new technology arrived without a speculative bubble around it.

The point of the first three, and let’s stick with tulips, is that there really was a quite obvious bubble in the prices of them. Most of the participants in the bubble (as with the other two) knew quite well that it was a bubble too. Prices were way out of line with any sort of “true value”. However, do note this very well: the tulip did indeed go on to become an important part of the Dutch economy. Indeed, it’s still there right now. Vast fields of tulips are grown there every year to supply cut flowers and bulbs for replanting that are shipped all over Europe. It’s actually become so important that other flowers, grown outside Europe, are still marketed through Holland as that’s where all the skill and infrastructure is.

April 9, 2013

Bitcoins as Tulips or viable virtual gold?

Filed under: Economics, Law, Liberty — Nicholas @ 10:27

In the New Yorker, Maria Bustillos reviews the history of bitcoins:

In many ways, bitcoins function essentially like any other currency, and are accepted as payment by a growing number of merchants, both online and in the real world. But they are generated at a predetermined rate by an open-source computer program, which was set in motion in January of 2009. This program produced each one of the nearly eleven million bitcoins in circulation (with a total value just over a billion dollars at the current rate of exchange), and it runs on a massive peer-to-peer network of some twenty thousand independent nodes, which are generally very powerful (and expensive) G.P.U. or ASIC computer systems optimized to compete for new bitcoins. (Standards vary, but there seems to be a consensus forming around Bitcoin, capitalized, for the system, the software, and the network it runs on, and bitcoin, lowercase, for the currency itself.)

[. . .]

There is an upper limit of twenty-one million new coins built into the software; the last one is projected to be mined in 2140. After that, it is presumed that there will be enough traffic to keep rewards flowing in the form of transaction fees rather than mining new coins. For now, the bitcoins are initially issued to the miners, but are distributed when miners buy things with them or sell them to non-miners (such as jumpy Spanish bank depositors) who desire an alternative currency. The chain of ownership of every bitcoin in circulation is verified and registered with a timestamp on all twenty thousand network nodes. This prevents double spending, since no coin can be exchanged without the authentication of some twenty thousand independent cyber-witnesses. In order to hack the network, you would have to deceive over half of these computers at the same time, a progressively more difficult task and, even today, a very formidable one.

[. . .]

A casual review of Nakamoto’s various blog posts and bulletin-board comments also confirms that, from the first, Bitcoin was devised as a system for removing the possibility of corruption from the issuance and exchange of currency. Or, to put it another way: rather than trusting in governments, central banks, or other third-party institutions to secure the value of the currency and guarantee transactions, Bitcoin would place its trust in mathematics. At the P2P Foundation, Nakamoto wrote a blog post describing the difference between bitcoin and fiat currency:

    [Bitcoin is] completely decentralized, with no central server or trusted parties, because everything is based on crypto proof instead of trust. The root problem with conventional currency is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust. Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve. We have to trust them with our privacy, trust them not to let identity thieves drain our accounts… With e-currency based on cryptographic proof, without the need to trust a third party middleman, money can be secure and transactions effortless.

* * *

Much of what has been written so far about bitcoins has centered on the perceived dangers of their relative anonymity, the irreversibility of transactions, and on the fact that they can be used for money laundering and for criminal dealings, such as buying drugs on the encrypted Web site Silk Road. This fearmongering is a red herring, and has so far prevented the rational evaluation of the potential benefits and shortcomings of crypto-currency.

Cash is also anonymous; it is also used in money laundering and illegal transactions. Like bitcoins, stolen cash is difficult to recover, and a cash transaction can’t readily be traced back to the source. Nor is there immediate recourse for the reversal of transactions, as with credit-card chargebacks or bank refunds when one’s identity has been stolen. However, I find it difficult to believe that anyone who has written critically of the dangers of bitcoin would prefer an economy where private cash transactions are illegal.

Update: Meet the $2 Million Bitcoin Pizza.

Floridian Laszlo Hanyecz thought it would be “interesting” to be able to say he paid for a pizza in bitcoins. He worked out a deal where he transferred 10,000 of his bitcoins to a guy in England, who ordered him two pizzas from Papa Johns.

Today, one Redditor notes, those 10,000 bitcoins would be worth about $2.3 million, thanks (in part) to folks fleeing unstable and politically risky state currencies in Cyprus and elsewhere.

Some news outlets are covering this as a “doh!” story. But these pizzas were a huge publicity boon for Bitcoin, contributing to the success of the currency today. If Laszlo had been a hoarder, perhaps his bitcoins would be worth very little now. Cashing in bitcoins for pizza when they were worth a fraction of a cent each is not obviously smarter or stupider than selling now would be, with bitcoins trading at $234. It’s a bet on which way the market is headed, that’s all.

December 5, 2012

Code used by Roger Williams in the 1600s is finally cracked

Filed under: Books, History, Media, Technology — Nicholas @ 11:10

I first read about Roger Williams in Murray Rothbard’s Conceived in Liberty, but I didn’t know that Williams had left coded notes that had defied analysis until now:

The obscure book’s margins are virtually filled with clusters of curious foreign characters — a mysterious shorthand used by 17th century religious dissident Roger Williams.

For centuries the scribbles went undeciphered. But a team of Brown University students has finally cracked the code.

Historians call the now-readable writings the most significant addition to Williams scholarship in a generation or more. Williams is Rhode Island’s founder and best known as the first figure to argue for the principle of the separation of church and state that would later be enshrined in the Bill of Rights.

[. . .]

Fisher said the new material is important in part because it’s among Williams’ last work, believed to have been written after 1679 in the last four years of his life.

The new discovery is remarkable on several levels, Widmer said.

“Part of it was the excitement of a mystery being cracked, and part of it was Roger Williams is very famous in Rhode Island — no other state has a founder as tied up with the state’s identity as Rhode Island,” he said. “To have a major new source, a major new document, from Roger Williams is a big deal.”

H/T to Bruce Schneier for the link.

September 2, 2012

The importance of encryption for private citizens

Filed under: History, Liberty, Technology — Nicholas @ 11:26

Wendy McElroy relates one of the earliest examples of private encryption in the young American republic:

In America, the tug of war between privacy and forced access to encrypted data is as old as the nation’s formation. As always, forced access was executed by authorities against individuals.

In 1785, a resolution authorized the secretary of the Department of Foreign Affairs to open and inspect any mail that related to the safety and interests of the United States. The ensuing inspections caused prominent men, like George Washington, to complain of mail tampering. According to various historians, it also led James Madison, Thomas Jefferson and James Monroe to correspond in code. That is, they encrypted their letters to preserve the privacy of their political discussions.

The need for Founding Fathers to encrypt their correspondence is high irony. The intrusive post office against which they rebelled had been established specifically to provide a free flow of political opinion. In the 1770’s, Sam Adams urged the 13 colonies to create an independent postal system because the existing post office, established by the British, acted as a barrier to the spread of rebellious sentiment. Dorothy Ganfield Fowler in her book Unmailable: Congress and the Post Office observed, “He [Adams] claimed the colonial post office was made use of for the purpose of stopping the ‘Channels of publick Intelligence and so in Effect of aiding the measures of Tyranny.’”

Alas, the more government changes, the more oppression remains the same. Soon the Continental Congress itself wanted to declare some types of matter ‘unmailable’ because their content was deemed dangerous. Anti-Federalist letters and periodicals became one of the first types of information to become de facto unmailable. (Anti-federalists resisted centralized government and rejected a Constitution without a Bill of Rights.) During the ratification debates on the Constitution, the Anti-Federalists were unable to circulate their material through the Federalist-controlled post office.

May 15, 2012

Nerd politics: problems and opportunities

Filed under: Government, Liberty, Politics, Technology — Nicholas @ 00:08

Cory Doctorow in the Guardian on the current state of “nerd politics”:

In the aftermath of the Sopa fight, as top Eurocrats are declaring the imminent demise of Acta, as the Trans-Pacific Partnership begins to founder, as the German Pirate party takes seats in a third German regional election, it’s worth taking stock of “nerd politics” and see where we’ve been and where we’re headed.

Since the earliest days of the information wars, people who care about freedom and technology have struggled with two ideological traps: nerd determinism and nerd fatalism. Both are dangerously attractive to people who love technology.

In “nerd determinism,” technologists dismiss dangerous and stupid political, legal and regulatory proposals on the grounds that they are technologically infeasible. Geeks who care about privacy dismiss broad wiretapping laws, easy lawful interception standards, and other networked surveillance on the grounds that they themselves can evade this surveillance. For example, US and EU police agencies demand that network carriers include backdoors for criminal investigations, and geeks snort derisively and say that none of that will work on smart people who use good cryptography in their email and web sessions.

But, while it’s true that geeks can get around this sort of thing — and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers — this isn’t enough to protect us, let alone the world. It doesn’t matter how good your email provider is, or how secure your messages are, if 95% of the people you correspond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions.

[. . .]

If people who understand technology don’t claim positions that defend the positive uses of technology, if we don’t operate within the realm of traditional power and politics, if we don’t speak out for the rights of our technically unsophisticated friends and neighbours, then we will also be lost. Technology lets us organise and work together in new ways, and to build new kinds of institutions and groups, but these will always be in the wider world, not above it.
